>
> > You don't need to. Just run Tripwire (perhaps daily), and check its output
> > if/when the NNTP server needs to be restarted by hand. The same for all
> > other services that might be exposed to an attack.
> > Another idea is to mount directories that very seldom change (such as those
> > where binaries exist, any binaries, including NNTP's) as read-only.
>
>
> Tripwire has always struck me as a useful program, but...
> if I'm going to be paranoid enough to run Tripwire, I should
> keep the base Tripwire database on a read-only partition.
> Now, this database needs updating on regular intervals for
> legitimate internal reasons. Bouncing this partition from
> r-o to r-w every day for Tripwire updates sounds like a real
> pain in the arse.
>
> So, You Tripwire Users Out There: what methods are you using
> to both keep the Tripwire database secure, *and* to make
> Tripwire easy to maintain?
>
I keep my Tripwire database on a read-only mounted floppy. You are
right, it is a pain to update the database. I would take a hard
look at why you are updating things daily on your firewall machine,
however. Personally, I think I have changed things once or twice
since I froze the configuration several months ago.
Jeff LaCoursiere
Network Admin
UPRC
Ft. Worth, TX
/**********************************************************************
THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE
**********************************************************************/
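
The arrangement discussed in this thread (a baseline kept on a read-only mount, checked on a schedule) can be sketched as below. This is an added example, not code from the thread or from Tripwire: it uses a `sha256sum` list as a stand-in for the Tripwire database, assumes Linux with GNU coreutils and the `/proc/mounts` layout, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to trust a baseline unless it sits on a read-only mount.
# Note: the "ro" flag only reflects mount state; root can remount read-write.
# Physical write protection (e.g. a floppy's tab) is what protects the medium.

# mount_opts_for DIR MOUNTS_FILE
# Print the options of the longest mount point that is a prefix of DIR.
# MOUNTS_FILE uses the /proc/mounts layout: device mountpoint fstype options ...
mount_opts_for() {
    awk -v dir="$1" '
        {
            mp = $2
            pre = (mp == "/") ? "/" : mp "/"
            # Later entries for the same mount point shadow earlier ones (>=).
            if (index(dir "/", pre) == 1 && length(mp) >= best) {
                best = length(mp); opts = $4
            }
        }
        END { print opts }
    ' "$2"
}

# is_read_only DIR MOUNTS_FILE: succeeds if the mount holding DIR has "ro".
is_read_only() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# verify_against_baseline BASELINE [MOUNTS_FILE]
# BASELINE is a sha256sum-format list with absolute paths. Returns:
#   0 = every listed file matches
#   1 = a listed file differs or is missing
#   2 = baseline is on a writable mount, so its contents cannot be trusted
verify_against_baseline() {
    baseline=$1
    mounts=${2:-/proc/mounts}
    dir=$(cd "$(dirname "$baseline")" && pwd -P) || return 2
    is_read_only "$dir" "$mounts" || return 2
    sha256sum -c "$baseline" >&2 || return 1
    return 0
}

# Usage (placeholder path): verify_against_baseline /mnt/floppy/baseline.sha256
```

A return code of 2 is worth alerting on separately from 1, since it means the check itself could have been tampered with.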